[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.568463] audit: type=1400 audit(1600985208.007:8): avc: denied { execmem } for pid=6493 comm="syz-executor557" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.572794] ================================================================================
[ 40.597043] UBSAN: Undefined behaviour in drivers/usb/usbip/vhci_hcd.c:603:42
[ 40.604302] shift exponent 768 is too large for 32-bit type 'int'
[ 40.610517] CPU: 1 PID: 6493 Comm: syz-executor557 Not tainted 4.19.147-syzkaller #0
[ 40.618371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.627702] Call Trace:
[ 40.630274] dump_stack+0x22c/0x33e
[ 40.633887] ubsan_epilogue+0xe/0x3a
[ 40.637583] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.643708] ? vhci_hub_control+0x715/0x2590
[ 40.648098] ? do_raw_spin_lock+0xcb/0x220
[ 40.652315] vhci_hub_control.cold+0x18a/0x48c
[ 40.656879] ? vhci_hcd_probe+0x230/0x230
[ 40.661009] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.666002] ? __kmalloc+0x436/0x4f0
[ 40.669693] ? usb_hcd_submit_urb+0x663/0x20d0
[ 40.674256] usb_hcd_submit_urb+0xb7e/0x20d0
[ 40.678645] ? vhci_hcd_probe+0x230/0x230
[ 40.682774] ? unlink1+0x500/0x500
[ 40.686307] ? ksys_ioctl+0x9b/0xc0
[ 40.689924] ? __x64_sys_ioctl+0x6f/0xb0
[ 40.693977] ? do_syscall_64+0xf9/0x670
[ 40.697929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.703288] ? do_syscall_64+0xf9/0x670
[ 40.707242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.712590] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.717601] usb_submit_urb+0xba2/0x13b0
[ 40.721646] usb_start_wait_urb+0x108/0x2b0
[ 40.725951] ? usb_api_blocking_completion+0xa0/0xa0
[ 40.731055] ? __kmalloc+0x436/0x4f0
[ 40.734745] ? memset+0x20/0x40
[ 40.738006] usb_control_msg+0x31c/0x4a0
[ 40.742048] ? usb_start_wait_urb+0x2b0/0x2b0
[ 40.746518] ? __mutex_add_waiter+0x160/0x160
[ 40.750992] ? snoop_urb+0x64/0x2c0
[ 40.754595] proc_control+0x360/0x6d0
[ 40.758376] ? proc_do_submiturb+0x3af0/0x3af0
[ 40.762936] ? lock_acquire+0x170/0x3f0
[ 40.766891] ? check_preemption_disabled+0x41/0x2b0
[ 40.771889] usbdev_do_ioctl+0x15fc/0x3580
[ 40.776104] ? proc_bulk+0x700/0x700
[ 40.779807] ? avc_ss_reset+0x170/0x170
[ 40.783764] ? __kasan_slab_free+0x186/0x1f0
[ 40.788150] ? kmem_cache_free+0x7f/0x2b0
[ 40.792277] ? putname+0xe1/0x130
[ 40.795723] ? do_sys_open+0x2ba/0x520
[ 40.799589] ? do_syscall_64+0xf9/0x670
[ 40.803542] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.808905] ? mark_held_locks+0xf0/0xf0
[ 40.812961] ? find_held_lock+0x2d/0x110
[ 40.817014] ? debug_check_no_obj_freed+0x201/0x482
[ 40.822013] ? lock_downgrade+0x750/0x750
[ 40.826148] ? usbdev_compat_ioctl+0x30/0x30
[ 40.830533] usbdev_ioctl+0x21/0x30
[ 40.834144] do_vfs_ioctl+0xcdb/0x12e0
[ 40.838030] ? selinux_file_ioctl+0x44f/0x5e0
[ 40.842503] ? ioctl_preallocate+0x200/0x200
[ 40.846896] ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[ 40.852327] ? walk_component+0xc00/0xda0
[ 40.856450] ? putname+0xe1/0x130
[ 40.859883] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.864964] ? putname+0xe1/0x130
[ 40.868402] ksys_ioctl+0x9b/0xc0
[ 40.871838] __x64_sys_ioctl+0x6f/0xb0
[ 40.875703] do_syscall_64+0xf9/0x670
[ 40.879497] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.884663] RIP: 0033:0x443f39
[ 40.887836] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.906717] RSP: 002b:00007ffdea4f85e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.914403] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00